Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,592 questions
When OS and defender updates are performed, do you disable UWF first?
UWF with Windows Defender
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 25%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDC%3C/text%3E%3C/svg%3E)
Daniel CP
1
Reputation point
Hi Everyone,
I have been using Windows Embedded (now IoT) since XP embedded for systems manufactured by my company. We are currently using Windows IoT Enterprise 2019 with UWF enabled. I would like to enable Windows Defender on the systems, but it writes into the "ProgramData\Microsoft\Windows Defender" folder every time it updates or runs a scan. I have this folder Excluded from the overlay, but since the overlay still grows with excluded files the overlay completely fills up after about a week of scans.
Microsoft's recommendation is to use junction points instead of exclusions, however Windows Defender protects this folder and does not allow it to be moved. I have also looked to see if the defender folder can be changed in a registry key, but I was not successful.
Has anyone else dealt with and resolved this issue?
Thank you.
2 answers
Sort by: Most helpful
-
Sean Liming 4,511 Reputation points2021-03-30T02:18:40.123+00:00 -
Daniel CP 1 Reputation point
2021-04-06T21:23:13.5+00:00 When OS updates are performed, UWF is disabled. When defender updates are performed UWF is enabled. Defender updates seem to happen nearly every day so disabling UWF is not practical. I have followed the Microsoft recommendation for excluding the updates from UWF protection, and it does work as expected with the exception of the overlay growing anyway.
P.S. I love your books and have read all of them since XP Embedded.
-
Sean Liming 4,511 Reputation points
2021-04-07T01:30:46.12+00:00 One problem is that all writes regardless of write-through or no-write-through are written to the overlay. If the system is not rebooted, the UWF overlay will fill up. I don't know your system, but maybe performing a reboot once in a while might help. The UWF API can provide information on overlay size. A program could be written to detect when the overlay is getting full and trigger a message or just reboot.
The other problem is controlling Windows update. I recommend that Windows Update be turned off, and you control the updates that get put on the system. Most of my clients will put a tested update package (included windows defender update) out twice a year, and one sooner if a critical update is needed to get out. Controlling updates allow you to test all the updates so they don't break anything.
Thanks for the feedback on the books!
Sign in to comment -
-
Teemo Tang 11,336 Reputation points2021-03-30T02:36:37.967+00:00 Unfortunately, there is not a solution for your demand, what I can think of is a workaround.
If you find that overlay completely fills up after about a week of scans, we can delete all files in C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store, defender still appears to be working fine.-------------------------------------------------------------------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.